by June Kaminski, RN MSN PhD(c)
Editor in Chief
October is recognized as Cyber Security Awareness Month in several countries, including Canada. “Cyber Security Awareness Month is an internationally recognized campaign held each October to inform the public of the importance of cyber security. This campaign is focused on helping all Canadians be more secure online, by being informed and knowing the simple steps to take to protect themselves, their families, their workplace and their devices. The month is divided by themes which highlight different aspects of cyber security” (Government of Canada, 2018c, p.1).
The themes for October 2018 are divided into five sections:
- Week 1: Oct. 1-7 Our internet; our cyber security
- Week 2: Oct. 8-14 Buy Secure
- Week 3: Oct. 15-21 Our Data is Valuable
- Week 4: Oct. 22-28 Our critical eye and the internet
- Week 5: Oct. 29-31 Our Future in Cyber Security
As part of this special month, the Government of Canada will launch the new Canadian Centre for Cyber Security(CCCS) on October 1, 2018. This is a site that all Canadians should become familiar with, including nurses. Nurses need to keep up with cyber security strategies to protect their own information and data, and to arm themselves with the knowledge to protect clients and their families, especially when they access online health information, and engage in health related data sharing and access with their health care providers.
One important aspect of cyber security awareness is the development of digital literacy. Nurses need to learn to assess their clients’ digital literacy when recommending online resources and mobile device apps, or engaging with clients online via eHealth or through telehealth and EHR platforms. According to Media Smarts (n.d., p. 1), “Digital Literacy is more than technological know-how; it includes a wide variety of ethical, social and reflective practices that are embedded in work, learning, leisure and daily life. One component of Digital Literacy is the set of skills that help us comprehend, contextualize, and critically evaluate digital media so that we can make informed decisions about what we do and encounter online.” A video to share with clients, called How Cyber Safe Are You In The Digital Age? as well as an infographic, are tools that can help to boost digital literacy.
Digital Literacy and cyber security awareness pertain to a wide array of platforms and access points – all of these are becoming more common in health care delivery, thus are important aspects that nurses and other health care professionals should be cognizant and capable of addressing with clients in their care. This includes cyber security risks related to:
The Internet of Things (IoT)
IoT devices are smart, embedded, and connected with other machines/devices at home, in public places, and in institutions. “They collect and exchange information with one another and with us. Smart devices can be remotely controlled and monitored, or work automatically, through a variety of software, cameras and sensors. There are many types of smart devices, and more emerging every day” (Government of Canada, 2018b, IoT page). This includes data collected via wearable health devices such as fitness trackers and physiological monitors. A toolkit (Government of Canada, 2017) can be downloaded, entitled Internet of Things Toolkit for Small and Medium Businesses that can inform nurses about the precautions and guidelines to use to help protect their clients when using or being exposed to IoT technology.
Mobile devices such as smart phones and tablets may be at risk for viruses, malware, and trojans that can put a client’s personal information at risk. Any apps or devices used within healthcare should be properly vetted before being recommended by nurses. “Using mobile devices to access patient health records and other clinical data in a clinic setting can pose a significant risk if they are unsecured” (Doctors of BC, 2018, p. 19). The video Easy Ways to Stay Safe on Your Mobile can be shared with clients to help them learn tips to stay cyber secure when using their mobile devices.
Social media platforms are often used by the general public and are being included more and more in health care related ways. When nurses or other health professionals use social media platforms to communicate with clients, strict adherence to protect client identity and privacy must be upheld. Health related information or advice given by nurses via social media platforms must also be evidence-informed, reliable, and given within the professional’s scope of practice. Nurses can share the video, Easy Ways to Stay Safe on Social Networks with clients for a great overview of cyber security within social media platforms.
General Daily Activities
Other day to day activities where clients should be warned about possible infringement on their privacy and cyber security include email, online gaming and entertainment, Voice Over Internet Protocol (VoIP), downloading and file sharing, banking, and shopping online.
The GetCyberSafe.ca Toolkit provides a great overview of resources that nurses can access to share with their clients to help convey the importance of cyber security in easy to understand and engaging ways.
Another critical aspect of cyber security awareness entails the security of institutional and organizational systems that handle health related personal information and data. Two useful open source tools available through the CCCS include:
Assemblyline– “a platform for the analysis of malicious files. It is designed to assist cyber defence teams to automate the analysis of files and to better use the time of security analysts. The tool recognizes when a large volume of files is received within the system, and can automatically rebalance its workload. Users can add their own analytics, such as antivirus products or custom-built software, in to Assemblyline. The tool is designed to be customized by the user and provides a robust interface for security analysts” (Government of Canada, 2018a, p. 1).
Harmonized Risk Assessment Methodology– is a “a set of tools designed to address all assets, employees, and services at risk. These are ready for integration with project management methodologies and system development life cycles to meet management needs for responsive solutions at both strategic and operational levels” Government of Canada. (2018b, Tools page).
Resources for Nurses
While every Canadian adult is responsible for their own cyber security awareness, nurses can be very valuable guides to help their clients learn to be aware and diligent when sharing their personal information and details of their lives in the cyberworld. When this information is part of health care, nurses and other health care professionals are duty-bound to do so. Why not take advantage of the national resources that are becoming available this October to develop YOUR cyber security awareness?
The Healthcare Information and Management Systems Society (HIMSS) (2016) has a wonderful infographic that nurses can download to learn and provide instant tips on cyber security awareness as seen below.
As well, Doctors of BC (2018) offer an excellent toolkit for physicians in private practice, the Physician Office IT Security Guide, that contains tips and guidelines that nurses can use as well, especially when working in clinics, telehealth, physician’s offices, nurse practitioner offices, and home care.
All of the resources discussed in this article can help nurses to develop cyber security awareness so that they can both protect and inform all those in their care, as well as themselves, their peers, and their workplace institutions or organizations.
So, how cyber security aware are YOU??
Doctors of BC. (2018). Physician Office IT Security Guide: General Guidelines for Physician Leads, Clinic Staff , Office Managers and Clinic IT Support. Doctors Technology Office.
Government of Canada. (2018a). Assemblyline:Canadian Centre for Cyber Security. Retrieved from https://cyber.gc.ca/en/assemblyline
Government of Canada. (2018b). Canadian Centre for Cyber Security. Retrieved from https://cyber.gc.ca/en/
Government of Canada. (2018c). Cyber Security Awareness Month Toolkit. Retrieved from https://www.getcybersafe.gc.ca/cnt/rsrcs/csam-tlkt-en.aspx
Government of Canada. (2017). Internet of Things Toolkit for Small and Medium Businesses.Retrieved from https://www.getcybersafe.gc.ca/cnt/rsks/ntrnt-thngs/bsnss-en.aspx
Media Smarts (n.d.). Digital Literacy Fundamentals. Retrieved from http://mediasmarts.ca/digital-media-literacy/general-information/digital-media-literacy-fundamentals/digital-literacy-fundamentals
The Healthcare Information and Management Systems Society (HIMSS). (2016). 2016 Healthcare Organization’s Guide to Keeping Information Safe and Secure. Retrieved from https://www.himss.org/library/2016-healthcare-organizations-guide-keeping-information-safe-and-secure